Research And Application Of The Deformed Password Pattern

Passwords are the main identity authentication method on the Internet,and are vital to protect user information security.This thesis starts with the regularity of password construction by users,and focuses on the research of password guessing techniques to improve the success rate of password guessing.Research of passwords is a great significance for practical applications such as password recovery and password evaluation.First,this thesis perform feature analysis on multiple real password sets.We compared the regularity of passwords between China with Europe and America,according to the perspectives of common passwords,password length distribution,character frequency,character type structure,identity information usage frequency,and password reuse.And we introduced three guessing methods including PCFG,Markov and corpus product rule.Then,this thesis innovatively proposes the method of deformed corpus product rule,which segment the password based on string approximate matching and supports dentify the structural characteristics of the deformed password.This method is aim to guess password which struct is complicated.Experiments show that for complex passwords in Europe and America,when the number of guesses is less than 10¹¹,the guess efficiency of the deformed corpus product rule is higher than that of the corpus product rule method.And in multiple guessing experiments,when the number of guesses is 10⁹,the guessing success rate of this method is higher than that of PCFG and Markov methods.In addition,the guessing dictionary generation speed of the deformed corpus product rule is 248 times faster than the PCFG method.Finally,this thesis proposes a target rule guessing method based on the deformed corpus product method by combining user personal information and reused passwords.This method can greatly improve the success rate of guessing when the user's personal information and password reuse are known.In the 12306&duduniu password set experiment,we can achieve a success rate of 36.69%only guessing 5 times when the user identity information and the reused password are known.The success rate reaches56.56%when the number of guesses reaches 10⁵.After experimental comparison,when the number of guesses is less than 100,the success rate of the target rules is higher than that of the Person-PCFG method.And when guess number is less 30000,the guessing efficiency of target rules is higher than that of Hashcat's collision deformation method.